{#
   FastNetMon daemon configuration, rendered by the VyOS conf-mode script from
   the CLI configuration dictionary. Everything that is not a Jinja tag below
   is written into the daemon's config file as-is, and every `{{ ... }}` value
   is copied in verbatim.

   NOTE(review): nothing in this template escapes or validates the interpolated
   values (ban_time, sflow.port, sflow.listen_address, the threshold values,
   listen_interface, alert_script). Rejecting malformed input -- in particular
   values containing newlines, which would inject additional config keys into
   the rendered file -- has to happen in the CLI validators / conf-mode script;
   confirm that coverage exists there.
#}
# enable this option if you want to send logs to local syslog facility
# NOTE: the log level is a literal here, not a CLI value, so it is always
# "debug"; together with syslog forwarding this is verbose for a production
# router and will record every attack detail the daemon emits.
logging:logging_level = debug
logging:local_syslog_logging = on

# list of all your networks in CIDR format
# Both list files live under /run/fastnetmon and are presumably generated by the
# conf-mode script before the daemon (re)starts -- not visible in this template.
networks_list_path = /run/fastnetmon/networks_list

# list of networks in CIDR format which will not be monitored for attacks
# Per the option's meaning above, excluded networks are never evaluated against
# the thresholds configured below, so they are a deliberate monitoring blind
# spot: keep this list as small as possible.
white_list_path = /run/fastnetmon/excluded_networks_list

# Enable/Disable any actions in case of attack
# Mitigation is unconditionally on for both address families; there is no CLI
# knob in this template to run the daemon in detect-only mode.
enable_ban = on
enable_ban_ipv6 = on

## How many packets will be collected from attack traffic
ban_details_records_count = 500

## How long (in seconds) we should keep an IP in blocked state
## If you set 0 here it completely disables unban capability
{# The ban_time line is only emitted when the CLI sets it; otherwise the
   daemon's built-in default applies (that default is not visible here). #}
{% if ban_time is vyos_defined %}
ban_time = {{ ban_time }}
{% endif %}

# Check whether the attack is still active before triggering an unban callback.
# If the attack is still active, the check is repeated on each run of the
# unban watchdog instead of unbanning.
unban_only_if_attack_finished = on

# enable per subnet speed meters
# For each subnet, track speed in bps and pps for both directions
enable_subnet_counters = off

{# Capture mode is one of two mutually exclusive branches: AF_PACKET mirroring
   of the listen interfaces, or an sFlow collector. For any other (or unset)
   mode neither branch emits anything. #}
{% if mode is vyos_defined('mirror') %}
mirror_afpacket = on
{% elif mode is vyos_defined('sflow') %}
sflow = on
{%     if sflow.port is vyos_defined %}
sflow_port = {{ sflow.port }}
{%     endif %}
{# NOTE(review): when no listen address is configured the sflow_host line is
   omitted and the daemon's default bind applies. If that default is "all
   addresses", the collector port is reachable from every interface and should
   be restricted to the exporters with a firewall rule -- confirm the daemon
   default and document it for operators. #}
{%     if sflow.listen_address is vyos_defined %}
sflow_host = {{ sflow.listen_address }}
{%     endif %}
{% endif %}


{# `direction` is presumably a list of the CLI values "in" / "out"; each side is
   processed only when it is present, and both default to off when the node is
   unset. #}
process_incoming_traffic = {{ 'on' if direction is vyos_defined and 'in' in direction else 'off' }}
process_outgoing_traffic = {{ 'on' if direction is vyos_defined and 'out' in direction else 'off' }}

{# Threshold sections. For each scope (general, tcp, udp, icmp) the CLI keys
   fps / mbps / pps map to the matching ban_for_* switch plus its threshold
   value. Any other key is silently ignored (there is no else branch), and a
   scope with no recognised keys emits nothing, so the daemon's own default for
   those switches applies. #}
{% if threshold is vyos_defined %}
{%     if threshold.general is vyos_defined %}
# General threshold
{%         for thr, thr_value in threshold.general.items() %}
{%             if thr is vyos_defined('fps') %}
ban_for_flows = on
threshold_flows = {{ thr_value }}
{%             elif thr is vyos_defined('mbps') %}
ban_for_bandwidth = on
threshold_mbps = {{ thr_value }}
{%             elif thr is vyos_defined('pps') %}
ban_for_pps = on
threshold_pps = {{ thr_value }}
{%             endif %}
{%         endfor %}
{%     endif %}

{%     if threshold.tcp is vyos_defined %}
# TCP threshold
{%         for thr, thr_value in threshold.tcp.items() %}
{%             if thr is vyos_defined('fps') %}
ban_for_tcp_flows = on
threshold_tcp_flows = {{ thr_value }}
{%             elif thr is vyos_defined('mbps') %}
ban_for_tcp_bandwidth = on
threshold_tcp_mbps = {{ thr_value }}
{%             elif thr is vyos_defined('pps') %}
ban_for_tcp_pps = on
threshold_tcp_pps = {{ thr_value }}
{%             endif %}
{%         endfor %}
{%     endif %}

{%     if threshold.udp is vyos_defined %}
# UDP threshold
{%         for thr, thr_value in threshold.udp.items() %}
{%             if thr is vyos_defined('fps') %}
ban_for_udp_flows = on
threshold_udp_flows = {{ thr_value }}
{%             elif thr is vyos_defined('mbps') %}
ban_for_udp_bandwidth = on
threshold_udp_mbps = {{ thr_value }}
{%             elif thr is vyos_defined('pps') %}
ban_for_udp_pps = on
threshold_udp_pps = {{ thr_value }}
{%             endif %}
{%         endfor %}
{%     endif %}

{%     if threshold.icmp is vyos_defined %}
# ICMP threshold
{%         for thr, thr_value in threshold.icmp.items() %}
{%             if thr is vyos_defined('fps') %}
ban_for_icmp_flows = on
threshold_icmp_flows = {{ thr_value }}
{%             elif thr is vyos_defined('mbps') %}
ban_for_icmp_bandwidth = on
threshold_icmp_mbps = {{ thr_value }}
{%             elif thr is vyos_defined('pps') %}
ban_for_icmp_pps = on
threshold_icmp_pps = {{ thr_value }}
{%             endif %}
{%         endfor %}
{%     endif %}

{% endif %}

{# Capture interfaces are joined into a single comma-separated list. #}
{% if listen_interface is vyos_defined %}
interfaces = {{ listen_interface | join(',') }}
{% endif %}

{# NOTE(review): the alert script path is handed to the daemon verbatim. Going
   by the option name the daemon executes this file on attack events with its
   own (root) privileges, so the path must already be constrained upstream --
   existing, root-owned, not world-writable, inside an allowed directory -- by
   the CLI validator or conf-mode script; nothing here checks it. Confirm. #}
{% if alert_script is vyos_defined %}
notify_script_path = {{ alert_script }}
{% endif %}